PRNGD/Solaris 2.6/ssh 371p2

From: Curt D McIntosh (
Date: 10/22/03

  • Next message: Alvin Wong: "SFTP server on windows"
    Date: Tue, 21 Oct 2003 18:00:16 -0400

    On a Solaris 2.6 NIS Master, this is what I do using sunfreeware

    As root:
    add /usr/local/bin, /usr/local/sbin and /usr/local/ssl/bin to my path.
    add /usr/local/ssl/lib to LD_LIBRARY_PATH and source profile.

    --> pkgadd -d openssh-3.7.1p2-sol26-sparc-local
    --> pkgadd -d openssl-0.9.7b-sol26-sparc-local
    --> pkgadd -d zlib-1.1.4-sol26-sparc-local
    --> pkgadd -d gcc-3.2.3-sol26-sparc-local
    --> pkgadd -d tcp_wrappers-7.6-sol26-sparc-local
    --> pkgadd -d prngd-0.9.25-sol26-sparc-local
    --> pkgadd -d egd-0.8-sol26-sparc-local
    --> pkgadd -d perl-5.8.0-sol26-sparc-local

    --> cat /var/adm/messages > /usr/local/etc/prngd/prngd-seed
    --> mkdir /var/spool/prngd
    --> /usr/local/sbin/prngd /var/spool/prngd/pool
    --> /usr/local/bin/ /var/spool/prngd/pool get
    I see this:
    32800 bits of entropy in pool

    --> mkdir /var/empty
    --> chown root:sys /var/empty
    --> chmod 600 /var/empty
    --> groupadd sshd
    --> useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
    --> cd /var/yp
    --> make

    # ssh-keygen -t rsa1 -N ""
    PRNG is not seeded

    # ps -ef | grep prngd
        root 4031 228 0 14:41:09 pts/0 0:00 grep prngd
        root 3985 1 0 14:39:54 ? 0:00 /usr/local/sbin/prngd

    Why do I get PRNG is not seeded? I had ssh 3.6.1 working just fine on
    this Solaris 2.6 host. I upgraded to 3.7.1p2 for security reasons and it no longer works. I then removed all
    packages, ssh user/group/home dir, scripts, keys, etc., and reinstalled
    everything from scratch. Still no PRNG seed. Any suggestions?


    Curt McIntosh
    10920 Technology Place
    Mail Zone 604S2, 4th Floor
    San Diego, CA 92127

    This is a PRIVATE message. If you are not the intended recipient, please
    delete without copying and kindly advise us by e-mail of the mistake in
    delivery. NOTE: Regardless of content, this e-mail shall not operate to
    bind CSC to any order or other contract unless pursuant to explicit
    written agreement or government initiative expressly permitting the use of
    e-mail for such purpose.

  • Next message: Alvin Wong: "SFTP server on windows"

    Relevant Pages

    • in trouble
      ... I'm a maintainer at - a project that should be familiar ... Contact everone and simply let them know that Dennis has his house up ... Solaris community to let it die - we're Solaris users producing ... packages _for_ Solaris users. ...
    • RE: Is Yahoo! moving from FreeBSD?
      ... > ports collection to be used on multiple plateform and ... > system (NetBSD, Solaris, Linux, AIX, etc.: a list of all the supported ... > very convenient to be able to compile our own set of packages ... a practical limit to CPU speeds. ...
    • [ANNOUNCE] OpenWindows Augmented Compatibility Environment for Solaris 9 and 10, BETA 3
      ... The OpenWindows Augmented Compatibility Environement for Solaris 9 and 10. ... then these packages are ... Although most of the binaries provided here are SUN Microsystems ...
    • Re: The sorry state of SUNW
      ... One could wonder if Sun hasn't learned a valuable lesson when MS ... Would OpenSolaris be considered Unix or a Unix-like OS? ... shift from Debian to Solaris 10 on my server, ... will maintain the several software packages and actually make the call ...
    • Re: Is Yahoo! moving from FreeBSD?
      ... >> FreeBSD ports system replacement for use on Sun Solaris. ... > NetBSD presets for compiling packages on Solaris? ... Because provide binary only packages for Solaris, ...